For the fourth day of Cyber Security Awareness Month we will look at how to build a response kit. When you or your team get notified about an incident, what do you bring with you? In the preparation phase you want to think about putting together a physical and virtual kit that contains the tools you need when investigating an incident.
Jim Murray submitted a GIAC paper last year on incident handling and gave this advice:
Build your response kit - This can be a duffle bag or a small carry-on suitcase. Regardless of what it is, this is what you have with you whenever you work an incident. You want to make sure that you spend enough time putting this together, so that you are ready at a moment's notice. You should never steal from your response kit. Sometimes we are testing something or working on an issue and we need a network cable or installation software and know it is there in our response kit. We tell ourselves that we are just going to borrow it and put it back as soon as we are done. Don't do it because you know it will never make it back there. Here is a list of things that you should consider having in your response kit:
If you have built a response kit and have any anecdotes or ideas you can share, please send them to us via our contact page. We will update this diary with your comments and thoughts throughout the day, so start sending them in.
Marcus H. Sachs
Oct 4th 2008